I have a desktop machine that is currently set up as an SVN server. Currently I have it set up to be accessible via http (using Apache), but only for the local network, as I wasn't confident in my handling of the security issues involved in opening it up.
My two options for handling that, as I see it, are SVN over SSH and setting up a VPN while maintaining the "local network only" configuration for SVN. Does anyone have a strong idea of the pros and cons of these two setups? In particular, I've never tried to set up a personal VPN before, so I don't know how much pain and expense is usually involved with OpenVPN and such.
[Aside: I don't know if this is actually more appropriate to SuperUser because it's a server for personal use - if it is, can someone please move it? Thanks!]
Why not use apache mod_dav_svn (w/wout mod_ssl) for providing remote access to your svn with apache basic auth at least.
If it's just you accessing it, svn+ssh is ABSOLUTELY the way to go. SSH is best-of-breed security, you get privacy and authentication for free, and if you run the server via SSH, you've already got it set up.
The only downside to doing it over SSH is that if you have multiple users accessing it, each has to have their own accounts and you have to manage permissions carefully or one person won't be able to access the repo after another person commits to it.
For that reason, I do not recommend svn+ssh for situations where multiple people will need commit access. In situations where just one person needs to commit, it's perfect.
You don't need to run SVN+SSH to secure your subversion repo, run it over https instead and you'll get enough encryption to prevent snooping. Access control is the next thing you add, so you always have to log on - and only give it a single user.
As long as the repo file are not accessible, you should be perfectly secure. If you really want to be paranoid, add a firewall or apache directive restricting access to your client IP only.